Syncing interface
Skip to main content

Whitepaper chapter

Governance

Governance is bounded coordination, not an all-powerful DAO switch. The production direction replaces self-declared voting weights with snapshot weights derived from staked SEEDOS, capped Seed holder bonus, and governance reputation. Governance can tune bands and policy surfaces, but it must not arbitrarily mint, drain treasury, or rewrite anchors. Timelock execution gives users time to inspect changes before they land.

01

Trust boundary

Trust boundary: governance can change bounded parameters; privileged actions must pass multisig/timelock roles; emergency pause remains separate from economic capture.

  • Gameplay mutation remains in USK/Postgres unless explicitly settled.
  • On-chain state is used for ownership, receipts, governance execution, or proof.
  • Public copy must describe the boundary honestly, including what is not decentralized yet.

02

Contract surfaces

Contract surfaces: `WARDGovernor`, `WardenseedTimelock`, `WardenseedTreasuryGovernor`, `AccessControl` roles.

  • Every surface should emit enough events for analytics and incident reconstruction.
  • Privileged functions should be role-gated, timelocked, or emergency-scoped depending on blast radius.
  • Batch, nonce, and root identifiers must remain replay-resistant across upgrades.

03

Operational assumptions

Operational assumption: governance claims should remain honest until voting, timelock, and role rotation are fully deployed.

  • Failure modes must degrade visibly rather than pretending the world is healthy.
  • Security posture takes priority over feature velocity when settlement or treasury risk is involved.
  • Docs, tests, and live proof widgets should evolve together with contract changes.